
Hidden Malware Harvesting Passwords

#1 wseitz (Members, 1 posts)

Posted 13 June 2013 - 12:27 PM

My computer has been leaking passwords since April. I thought the infection was out after running Avast anti-virus, but now passwords are leaking again. My website's server admin shut down my email accounts because they sent 15k emails overnight to several countries.

After installing Avast in April, I visited a website I frequent and the anti-virus said it blocked 49 Trojans; before Avast, nothing was ever blocked. We suspect my computer (Win 8) has an infection in the registry.

I have not noticed any performance issues using Outlook email or issues with my computer. However, my email server keeps getting hacked.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.21.2
Run by Wanda Seitz at 13:05:36 on 2013-06-13
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3554.1203 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\dwm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Users\Wanda Seitz\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mstart.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\System32\javaw.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Users\Wanda Seitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mcomm.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mlauncher.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Wanda Seitz\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Bitdefender\Bitdefender 2013\odscanui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\syswow64\wwahost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=21&utm_source=sm&utm_content=1&utm_term=B99D4C65F89B445E
uDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=21&utm_source=sm&utm_content=1&utm_term=B99D4C65F89B445E
mStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=21&utm_source=sm&utm_content=1&utm_term=B99D4C65F89B445E
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SafeSearch: {e27d5867-80de-4449-9c03-71707c0db05b} - C:\Program Files\SafeSearch\ie\adxloader.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Coupon-Matcher BHO: {F0B3FA34-C3B2-4B72-B8FE-A4148C2FA663} - C:\Program Files (x86)\CouponMatcher\1.1\Extension.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: SafeSearch Toolbar: {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - C:\Program Files\SafeSearch\ie\adxloader.dll
TB: Coupon-Matcher: {AC5183D8-28A9-4A36-850D-8C8846855EED} - C:\Program Files (x86)\CouponMatcher\1.1\Extension.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
uRun: [SkyDrive] "C:\Users\Wanda Seitz\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Facebook Update] "C:\Users\Wanda Seitz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRunOnce: [Uninstall C:\Users\Wanda Seitz\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Wanda Seitz\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
uRunOnce: [Uninstall C:\Users\Wanda Seitz\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Wanda Seitz\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\WANDAS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLEARS~1.LNK - C:\Windows\System32\javaw.exe
StartupFolder: C:\Users\WANDAS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Wanda Seitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\WANDAS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{AF72C55E-F89A-47FC-9C57-09A19B555779} : DHCPNameServer = 100.44.153.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{BF29680C-6A52-4617-9823-44F0A75F9190} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{BF29680C-6A52-4617-9823-44F0A75F9190}\64249402355727675696C616E63656026516E60243 : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=21&utm_source=sm&utm_content=1&utm_term=B99D4C65F89B445E
x64-mDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=21&utm_source=sm&utm_content=1&utm_term=B99D4C65F89B445E
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: SafeSearch: {e27d5867-80de-4449-9c03-71707c0db05b} - C:\Program Files\SafeSearch\ie\adxloader64.dll
x64-BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll
x64-TB: SafeSearch Toolbar: {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - C:\Program Files\SafeSearch\ie\adxloader64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe"
x64-Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wanda Seitz\AppData\Roaming\Mozilla\Firefox\Profiles\cjk2w64s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.safesearch.net/search?q={searchTerms}&utm_medium=ff&utm_campaign=21&utm_source=sm&utm_content=1&utm_term=B99D4C65F89B445E
FF - prefs.js: browser.search.selectedEngine - SafeSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.safesearch.net/?utm_medium=ff&utm_campaign=21&utm_source=sm&utm_content=1&utm_term=B99D4C65F89B445E
FF - prefs.js: keyword.URL - hxxp://www.safesearch.net/search?q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\SafeSearch\npsafesearch.dll
FF - plugin: C:\Users\Wanda Seitz\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Wanda Seitz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-05-14 10:39; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
R0 avc3;avc3;C:\Windows\System32\Drivers\avc3.sys [2013-6-13 718840]
R0 gzflt;gzflt;C:\Windows\System32\Drivers\gzflt.sys [2013-6-13 147232]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-6-13 98768]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-6-13 106568]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\Drivers\bdvedisk.sys [2013-6-13 78752]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-11-19 92536]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-11-19 199008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-18 98472]
R3 avchv;avchv Function Driver;C:\Windows\System32\Drivers\avchv.sys [2013-6-13 261056]
R3 avckf;avckf;C:\Windows\System32\Drivers\avckf.sys [2013-6-13 593144]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-11-19 269968]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-19 690832]
S0 bdelam;bdelam;C:\Windows\System32\Drivers\bdelam.sys [2013-6-13 23456]
S3 BDSandBox;BDSandBox;C:\Windows\System32\Drivers\bdsandbox.sys [2013-6-13 82384]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-06-13 16:30:59    98304    ----a-w-    C:\Windows\System32\wudriver.dll
2013-06-13 16:30:59    83968    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-06-13 16:30:59    39424    ----a-w-    C:\Windows\System32\wuapp.exe
2013-06-13 16:30:59    309760    ----a-w-    C:\Windows\SysWow64\BCP47Langs.dll
2013-06-13 16:30:58    34304    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-06-13 16:30:58    18432    ----a-w-    C:\Windows\SysWow64\npmproxy.dll
2013-06-13 16:30:58    17408    ----a-w-    C:\Windows\System32\muifontsetup.dll
2013-06-13 16:30:58    14336    ----a-w-    C:\Windows\SysWow64\muifontsetup.dll
2013-06-13 16:27:52    888320    ----a-w-    C:\Windows\System32\autochk.exe
2013-06-13 16:27:52    542208    ----a-w-    C:\Windows\System32\untfs.dll
2013-06-13 16:27:52    482816    ----a-w-    C:\Windows\SysWow64\untfs.dll
2013-06-13 16:27:51    793088    ----a-w-    C:\Windows\SysWow64\autochk.exe
2013-06-13 16:17:18    144384    ----a-w-    C:\Windows\System32\tssdisai.dll
2013-06-13 15:50:55    --------    d-----w-    C:\Users\Wanda Seitz\AppData\Local\drwandas
2013-06-13 14:51:51    649056    ----a-w-    C:\ProgramData\1371134061.bdinstall.bin
2013-06-13 14:50:20    --------    d-----w-    C:\ProgramData\BDLogging
2013-06-13 14:49:59    23456    ----a-w-    C:\Windows\System32\drivers\bdelam.sys
2013-06-13 14:49:48    78752    ----a-w-    C:\Windows\System32\drivers\bdvedisk.sys
2013-06-13 14:49:19    98768    ----a-w-    C:\Windows\System32\drivers\bdfndisf6.sys
2013-06-13 14:49:19    82384    ----a-w-    C:\Windows\System32\drivers\bdsandbox.sys
2013-06-13 14:49:19    511328    ----a-w-    C:\Windows\capicom.dll
2013-06-13 14:49:12    593144    ----a-w-    C:\Windows\System32\drivers\avckf.sys
2013-06-13 14:49:12    261056    ----a-w-    C:\Windows\System32\drivers\avchv.sys
2013-06-13 14:49:11    718840    ----a-w-    C:\Windows\System32\drivers\avc3.sys
2013-06-13 14:39:16    --------    d-----w-    C:\Users\Wanda Seitz\AppData\Roaming\Bitdefender
2013-06-13 14:39:10    --------    d-----w-    C:\ProgramData\Bitdefender
2013-06-13 14:36:54    --------    d-----w-    C:\Users\Wanda Seitz\AppData\Roaming\QuickScan
2013-06-13 14:34:45    147232    ----a-w-    C:\Windows\System32\drivers\gzflt.sys
2013-06-13 14:34:43    382536    ----a-w-    C:\Windows\System32\drivers\trufos.sys
2013-06-13 14:34:42    --------    d-----w-    C:\Program Files\Bitdefender
2013-06-13 14:28:23    --------    d-s---w-    C:\Windows\SysWow64\Microsoft
2013-06-13 14:23:52    --------    d-----w-    C:\Program Files\Common Files\Bitdefender
2013-06-13 11:53:16    --------    d-----w-    C:\Program Files (x86)\Runtime Software
2013-06-12 13:11:02    17271808    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-12 13:11:01    16642560    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-12 13:09:59    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-06-12 13:09:59    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-06-12 13:09:58    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-06-12 13:09:58    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-10 16:19:21    --------    d-----w-    C:\Users\Wanda Seitz\AppData\Local\Apple Computer
2013-06-03 14:22:42    78200    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-03 14:22:41    693112    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-02 17:50:06    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-06-02 17:50:06    112872    ----a-w-    C:\Windows\System32\consent.exe
2013-06-02 17:49:32    6987528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-06-02 17:49:30    1455368    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-06-02 17:49:14    861184    ----a-w-    C:\Windows\System32\drivers\http.sys
2013-06-02 17:49:11    2382336    ----a-w-    C:\Windows\SysWow64\esent.dll
2013-06-02 17:49:10    2851840    ----a-w-    C:\Windows\System32\esent.dll
2013-05-21 19:22:50    --------    d-----w-    C:\Users\Wanda Seitz\AppData\Local\TechSmith
2013-05-18 17:19:14    --------    d-----w-    C:\Users\Wanda Seitz\AppData\Roaming\Nitro
2013-05-18 17:19:14    --------    d-----w-    C:\Users\Wanda Seitz\AppData\Roaming\FileOpen
2013-05-18 17:19:14    --------    d-----w-    C:\ProgramData\FileOpen
2013-05-18 17:18:12    29704    ----a-w-    C:\Windows\System32\nitrolocalmon2.dll
2013-05-18 17:18:12    17928    ----a-w-    C:\Windows\System32\nitrolocalui2.dll
2013-05-18 17:17:50    --------    d-----w-    C:\Program Files\Common Files\Nitro
2013-05-18 17:17:47    --------    d-----w-    C:\ProgramData\Nitro
2013-05-18 17:17:47    --------    d-----w-    C:\Program Files (x86)\Nitro
2013-05-18 17:17:47    --------    d-----w-    C:\Program Files (x86)\Common Files\Nitro
2013-05-18 17:16:31    --------    d-----w-    C:\Users\Wanda Seitz\AppData\Roaming\Downloaded Installations
2013-05-16 12:56:32    --------    d-----w-    C:\Users\Wanda Seitz\AppData\Local\jZip
2013-05-16 12:56:06    --------    d-----w-    C:\Program Files (x86)\jZip
.
==================== Find3M  ====================
.
2013-05-23 23:01:46    1300992    ----a-w-    C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-05-14 14:38:52    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-05-04 07:58:17    120736    ----a-w-    C:\Windows\System32\AuthHost.exe
2013-05-04 07:45:29    2233600    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-04 07:34:17    446720    ----a-w-    C:\Windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:17    213248    ----a-w-    C:\Windows\System32\drivers\UCX01000.SYS
2013-05-04 07:34:15    284416    ----a-w-    C:\Windows\System32\drivers\spaceport.sys
2013-05-04 06:59:51    1483776    ----a-w-    C:\Windows\System32\VSSVC.exe
2013-05-04 06:59:36    812544    ----a-w-    C:\Windows\System32\Magnify.exe
2013-05-04 06:59:25    251904    ----a-w-    C:\Windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25    141824    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-05-04 06:59:24    1619968    ----a-w-    C:\Windows\System32\wucltux.dll
2013-05-04 06:59:08    13644288    ----a-w-    C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54    328192    ----a-w-    C:\Windows\System32\ubpm.dll
2013-05-04 06:58:54    10116096    ----a-w-    C:\Windows\System32\twinui.dll
2013-05-04 06:58:49    173568    ----a-w-    C:\Windows\System32\storewuauth.dll
2013-05-04 06:58:49    1332736    ----a-w-    C:\Windows\System32\sysmain.dll
2013-05-04 06:58:48    330240    ----a-w-    C:\Windows\System32\stobject.dll
2013-05-04 06:58:28    93696    ----a-w-    C:\Windows\System32\psmsrv.dll
2013-05-04 06:58:02    470528    ----a-w-    C:\Windows\System32\netprofmsvc.dll
2013-05-04 06:58:02    151552    ----a-w-    C:\Windows\System32\netprofm.dll
2013-05-04 06:58:01    169984    ----a-w-    C:\Windows\System32\netplwiz.dll
2013-05-04 06:57:46    560640    ----a-w-    C:\Windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15    501760    ----a-w-    C:\Windows\System32\DevicePairing.dll
2013-05-04 06:57:05    179712    ----a-w-    C:\Windows\System32\bisrv.dll
2013-05-04 06:57:05    122368    ----a-w-    C:\Windows\System32\biwinrt.dll
2013-05-04 06:57:04    389120    ----a-w-    C:\Windows\System32\BCP47Langs.dll
2013-05-04 06:57:04    2305024    ----a-w-    C:\Windows\System32\authui.dll
2013-05-04 06:57:00    708096    ----a-w-    C:\Windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00    1131520    ----a-w-    C:\Windows\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53    419840    ----a-w-    C:\Windows\System32\intl.cpl
2013-05-04 04:58:14    758784    ----a-w-    C:\Windows\SysWow64\Magnify.exe
2013-05-04 04:58:02    125952    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-05-04 04:57:49    10788864    ----a-w-    C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39    8857088    ----a-w-    C:\Windows\SysWow64\twinui.dll
2013-05-04 04:57:39    247296    ----a-w-    C:\Windows\SysWow64\ubpm.dll
2013-05-04 04:57:35    303616    ----a-w-    C:\Windows\SysWow64\stobject.dll
2013-05-04 04:57:04    151040    ----a-w-    C:\Windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04    115712    ----a-w-    C:\Windows\SysWow64\netprofm.dll
2013-05-04 04:56:48    411136    ----a-w-    C:\Windows\SysWow64\mfmp4srcsnk.dll
2013-05-04 04:56:14    449536    ----a-w-    C:\Windows\SysWow64\DevicePairing.dll
2013-05-04 04:56:06    92160    ----a-w-    C:\Windows\SysWow64\biwinrt.dll
2013-05-04 04:56:05    2035712    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-04 04:55:58    389632    ----a-w-    C:\Windows\SysWow64\intl.cpl
2013-05-04 04:51:38    14848    ----a-w-    C:\Windows\System32\rars.rs
2013-05-04 04:48:33    83968    ----a-w-    C:\Windows\System32\drivers\hidclass.sys
2013-05-04 04:48:26    27648    ----a-w-    C:\Windows\System32\drivers\hidusb.sys
2013-05-04 04:47:02    427520    ----a-w-    C:\Windows\System32\drivers\rdbss.sys
2013-05-04 04:10:47    14848    ----a-w-    C:\Windows\SysWow64\rars.rs
2013-04-30 12:50:46    70152    ----a-w-    C:\Windows\SysWow64\NLSSRV32.EXE
2013-04-28 22:30:55    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-28 22:30:12    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-28 22:28:33    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-28 22:28:29    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-04-28 22:28:00    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-27 05:20:12    733184    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-23 23:13:53    1013248    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-04-23 23:12:44    1569792    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-04-23 23:12:44    109056    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-04-23 22:56:35    1255936    ----a-w-    C:\Windows\System32\certutil.exe
2013-04-23 22:55:48    68096    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-04-23 22:55:48    1889280    ----a-w-    C:\Windows\System32\crypt32.dll
2013-04-23 22:55:48    141312    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-04-13 05:56:35    444416    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-09 05:33:02    489576    ----a-w-    C:\Windows\System32\AudioEng.dll
2013-04-09 05:33:02    446792    ----a-w-    C:\Windows\System32\AudioSes.dll
2013-04-09 05:33:02    253544    ----a-w-    C:\Windows\System32\audiodg.exe
2013-04-09 05:20:02    86280    ----a-w-    C:\Windows\System32\kdnet.dll
2013-04-09 05:20:02    306952    ----a-w-    C:\Windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05    77960    ----a-w-    C:\Windows\System32\kdvm.dll
2013-04-09 05:17:57    1829408    ----a-w-    C:\Windows\System32\ntdll.dll
2013-04-09 04:52:07    816128    ----a-w-    C:\Windows\System32\SearchIndexer.exe
2013-04-09 04:52:07    373760    ----a-w-    C:\Windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07    197120    ----a-w-    C:\Windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07    126464    ----a-w-    C:\Windows\System32\Robocopy.exe
2013-04-09 04:52:06    804352    ----a-w-    C:\Windows\System32\RecoveryDrive.exe
2013-04-09 04:51:51    367616    ----a-w-    C:\Windows\System32\conhost.exe
2013-04-09 04:51:45    523264    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41    99840    ----a-w-    C:\Windows\System32\wscsvc.dll
2013-04-09 04:51:41    456704    ----a-w-    C:\Windows\System32\wpncore.dll
2013-04-09 04:51:17    595456    ----a-w-    C:\Windows\System32\Windows.Networking.dll
2013-04-09 04:51:17    391168    ----a-w-    C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:03    3552768    ----a-w-    C:\Windows\System32\tquery.dll
2013-04-09 04:50:53    414720    ----a-w-    C:\Windows\System32\GenuineCenter.dll
2013-04-09 04:50:39    422400    ----a-w-    C:\Windows\System32\schannel.dll
2013-04-09 04:50:39    1285632    ----a-w-    C:\Windows\System32\schedsvc.dll
2013-04-09 04:50:03    96256    ----a-w-    C:\Windows\System32\mssprxy.dll
2013-04-09 04:50:03    745984    ----a-w-    C:\Windows\System32\mssvp.dll
2013-04-09 04:50:03    2107904    ----a-w-    C:\Windows\System32\mssrch.dll
2013-04-09 04:50:02    65024    ----a-w-    C:\Windows\System32\msscntrs.dll
2013-04-09 04:50:02    435200    ----a-w-    C:\Windows\System32\mssph.dll
2013-04-09 04:50:02    13824    ----a-w-    C:\Windows\System32\msshooks.dll
2013-04-09 04:49:54    1444864    ----a-w-    C:\Windows\System32\MSAudDecMFT.dll
2013-04-09 04:49:45    468992    ----a-w-    C:\Windows\System32\MFMediaEngine.dll
2013-04-09 04:49:45    281088    ----a-w-    C:\Windows\System32\mfreadwrite.dll
2013-04-09 04:49:36    817152    ----a-w-    C:\Windows\System32\kerberos.dll
2013-04-09 04:49:33    210432    ----a-w-    C:\Windows\System32\iuilp.dll
2013-04-09 04:49:16    50176    ----a-w-    C:\Windows\System32\fmifs.dll
2013-04-09 04:49:16    231936    ----a-w-    C:\Windows\System32\fhengine.dll
.
============= FINISH: 13:08:32.00 ===============
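The Pseudo HJT Report and FIREFOX sections of the log above are one-line records of what starts with Windows and what is loaded into the browsers, and they are the first thing a helper reads. As an added example (this is not part of wseitz's post and not code from the DDS tool), the Python script below parses those records and groups them the way a responder does on a first pass: every start page and search URL by the host it points at, entries DDS marked as having no file behind them (<no file> / <orphaned>), Startup-folder shortcuts whose target is a generic script host rather than a program, and the product folders that have a BHO or toolbar loaded into Internet Explorer. SAMPLE is a subset of lines copied from the posted log; the SCRIPT_HOSTS list and the "folder directly under Program Files names the product" rule are this example's own assumptions, not anything DDS defines.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

URL_RE = re.compile(r'hxxps?://[^\s"]+', re.IGNORECASE)      # DDS defangs http as hxxp
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|lnk|cpl)', re.IGNORECASE)
ORPHAN_MARKERS = ("<no file>", "<orphaned>")   # DDS's own markers for a registration with no file
# Assumption of this example: interpreters that run whatever they are handed. A Startup
# shortcut pointing at one of these says nothing until you read the shortcut's arguments.
SCRIPT_HOSTS = {"javaw.exe", "java.exe", "cscript.exe", "wscript.exe", "cmd.exe", "rundll32.exe", "mshta.exe", "powershell.exe"}

# Constructed sample: a subset of the lines from the DDS log posted above.
SAMPLE = r"""
uStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=21&utm_source=sm&utm_content=1&utm_term=B99D4C65F89B445E
BHO: SafeSearch: {e27d5867-80de-4449-9c03-71707c0db05b} - C:\Program Files\SafeSearch\ie\adxloader.dll
BHO: Coupon-Matcher BHO: {F0B3FA34-C3B2-4B72-B8FE-A4148C2FA663} - C:\Program Files (x86)\CouponMatcher\1.1\Extension.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: SafeSearch Toolbar: {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - C:\Program Files\SafeSearch\ie\adxloader.dll
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
StartupFolder: C:\Users\WANDAS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLEARS~1.LNK - C:\Windows\System32\javaw.exe
StartupFolder: C:\Users\WANDAS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Wanda Seitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
SSODL: WebCheck - <orphaned>
FF - prefs.js: browser.startup.homepage - hxxp://www.safesearch.net/?utm_medium=ff&utm_campaign=21&utm_source=sm&utm_content=1&utm_term=B99D4C65F89B445E
"""


@dataclass
class Entry:
    key: str                # DDS record type: "BHO", "mRun", "StartupFolder", "FF prefs.js", ...
    name: str               # label: BHO name, [Run name], .lnk file name, pref name
    clsid: Optional[str]
    host: Optional[str]     # hostname of a URL in the record, if any
    target: Optional[str]   # last file path in the record: what actually runs or loads
    orphaned: bool          # registration present, file missing


def _entry_name(key, value):
    m = re.match(r"\[([^\]]+)\]", value)                 # uRun/mRun: [Name] "command"
    if m:
        return m.group(1)
    if key.endswith(("BHO", "TB")) and ": " in value:    # "Name: {CLSID} - path"
        return value.split(": ", 1)[0]
    if URL_RE.match(value):                              # start-page records: the key is the label
        return key
    return value.split(" - ", 1)[0].rsplit("\\", 1)[-1]  # .lnk file name, pref name, handler name


def _host(value):
    m = URL_RE.search(value)
    return urlsplit(re.sub(r"^hxxp", "http", m.group(0), flags=re.IGNORECASE)).hostname if m else None


def _product_dir(path):
    # Assumed heuristic: the folder directly under Program Files names the product.
    m = re.match(r"[A-Za-z]:\\Program Files(?: \(x86\))?\\([^\\]+)", path, re.IGNORECASE)
    return m.group(1) if m else None


def parse_line(line):
    line = line.strip()
    if line.startswith("FF - "):                          # "FF - prefs.js: name - value"
        key, sep, value = line[5:].partition(": ")
        key, value = ("FF " + key, value) if sep else ("FF", key)
    elif " = " in line and ":" not in line.split(" = ", 1)[0]:
        key, value = line.split(" = ", 1)                 # "uStart Page = hxxp://..."
    elif ": " in line:
        key, value = line.split(": ", 1)                  # "BHO: Name: {CLSID} - path"
    else:
        return None
    clsid, paths = CLSID_RE.search(value), PATH_RE.findall(value)
    return Entry(key, _entry_name(key, value), clsid.group(0) if clsid else None, _host(value),
                 paths[-1] if paths else None, any(m in value.lower() for m in ORPHAN_MARKERS))


def parse_report(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def _label(e):
    return e.key if e.name == e.key else f"{e.key}:{e.name}"


def triage(entries):
    """Group the records the way a responder reads them on a first pass."""
    urls_by_host, browser_modules = defaultdict(list), defaultdict(list)
    for e in entries:
        if e.host:                                        # every start/search URL, by host
            urls_by_host[e.host].append(_label(e))
        if e.key.endswith(("BHO", "TB")) and e.target:    # what is loaded into the browser
            browser_modules[_product_dir(e.target) or e.target].append(_label(e))
    return {
        "urls_by_host": dict(urls_by_host),
        "orphaned": [_label(e) for e in entries if e.orphaned],
        "script_host_startups": [(e.name, e.target) for e in entries
                                 if e.key == "StartupFolder" and e.target
                                 and e.target.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS],
        "browser_modules": dict(browser_modules),
    }


if __name__ == "__main__":
    print(triage(parse_report(SAMPLE)))
```

To use it on a full log, pass the Pseudo HJT Report and FIREFOX sections to parse_report. The output does not decide what is malicious; it shows at a glance that several browser settings converge on one host, which registrations are dangling, and which persistence entries need a closer look. A Startup shortcut that launches javaw.exe, for instance, only tells you to open the shortcut and read its arguments.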

#2 nasdaq (Malware Response Team, 39,903 posts, Montreal, QC. Canada)

Posted 17 June 2013 - 10:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Search and delete the AdWare and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.


#3 nasdaq (Malware Response Team, 39,903 posts, Montreal, QC. Canada)

Posted 23 June 2013 - 09:32 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
